I'm working on a project called ThePeopleHubProject, and on the registration you need to input a password.
Do I need to secure the passwords from SQL injection if they are encrypted?
I use crypt(sha1()) as a encryption method.
Thanks, Thomas.
You don't need to, you can either restrict your input field of password to allow/accept what combination it needs.
<input type="password" name="password">
PHP Code:
<?php
if(isset($_POST['password'])
$password = htmlentities($_POST['password']) // This will ensure any html characters entered to their equivalent value.
md5 or sha1($password);
To basically sum-up my answer, encrypting is more than enough you don't need to worry about sql-injection here.